Two former nuclear power plant workers were arrested in connection with a cyberattack on Spain’s radioactivity alert network (RAR), national police announced Wednesday. The pair allegedly sabotaged over one-third of the sensors critical for monitoring excessive levels of radiation across the country.
The RAR, controlled by the General Directorate of Civil Protection and Emergencies (DGPCE), was attacked between March and June 2021, police said.
The law enforcement operation, dubbed GAMMA, commenced in June 2021 when an attack compromised 800 gamma radiation detection sensors responsible for measuring dangerous surges in radioactivity levels across Spain’s nuclear infrastructure. The sensors relay measurements and necessary orders to a control center via a telephone system.
During the operation, law enforcement detected a computer intrusion aimed at deleting the web application for the management of RAR in the control center.
Spain’s National Police Cyberattack division found two addresses in these regions and a registered company. Computer and communication devices were taken from two alleged perpetrators who masked their efforts. Spanish police noted that the duo had full knowledge of the RAR maintenance program and managed to compromise over 300 out of 800 sensors at the facility.
Dynamic Duo Attacked Computer System
“The two detainees, former workers, attacked the computer system and caused the connection of the sensors to fail, reducing their detection capacity even in the environment of nuclear power plants,” Spanish police said in a translated statement.
According to the police, getting to the bottom of the hack took a year of technical research and analysis. “They had a deep knowledge of [the network] that made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship, significantly increasing the difficulty of the investigation,” police said.
Police also said they were able to trace data related to the intrusion because the perpetrators used a public network belonging to a known hospitality establishment in the center of Madrid.
However, the exact motivation behind the attack is still unclear.
The Danger of Insider Threats
Cyber threats to critical institutions, such as those that run a nation’s nuclear systems, can be catastrophic. Sometimes these threats are direct attacks by advanced persistent threat groups (APTs), and sometimes all it takes is a couple of ill-intentioned employees.
In June 2021, the Kimsuky hacking group exploited a VPN (virtual private network) vulnerability to breach the internal network of the South Korean Atomic Energy Research Institute (KAERI). In April of the same year, a cyberattack crippled a uranium enrichment facility in Natanz, Iran.
A 2021 report by Verizon suggested that insider threats were responsible for around 22% of security incidents. In a study of 5,000 global businesses, Kaspersky found that a colossal 52% of these businesses were concerned that the biggest threats lay within their workforce. For these reasons, it is critical not to overlook inside jobs when assessing the risk of cyberattacks.